How to: Connect to the WCF Application Server from Non-XAF Applications

This topic demonstrates the code that you can use in any non-XAF application to access data protected with the Middle Tier WCF Application Server.


A complete sample project is available in the DevExpress Code Examples database at

Initialize Metadata for Persistent Classes

In the code below, metadata on Employee, Project and Task persistent classes is initialized.

XPDictionary dictionary = new ReflectionDictionary();
Type[] types = { typeof(Employee), typeof(Project), typeof(Task) }

You can collect metadata for all persistent classes automatically when your data model is in a separate assembly. In the snippet below, metadata for all persistent classes in the assembly that contains the Employee class is collected:


Establish a Connection

Inherit the WcfSecuredClient class, override the GetLogonParameter method and declare the Logon method with the userName and password parameters:

public class CustomWcfSecuredClient : WcfSecuredClient {
    private object logonParameters;
    public CustomWcfSecuredClient(Binding binding, EndpointAddress remoteAddress) : base(binding, remoteAddress) {
    public void Logon(string userName, string password) {
        logonParameters = new AuthenticationStandardLogonParameters(userName, password);
    protected override object GetLogonParameter() {
        return logonParameters;

The code below demonstrates how to create a WCF Client Object and an Object Access Layer as a user named "User" with an empty string password.

CustomWcfSecuredClient wcfSecuredClient = new CustomWcfSecuredClient(
    WcfDataServerHelper.CreateNetTcpBinding(), new EndpointAddress("net.tcp://localhost:1424/DataServer"));

Check if a Specific Permission is Granted

Before checking whether a specific permission is granted, call the CustomWcfSecuredClient.GetSecurityStrategyInfo method and pass the username and password to the CustomWcfSecuredClient.Logon method:

wcfSecuredClient.Logon("User", "");

When the WCF client is initialized, and the user is logged on, you can create a permission request and check whether a user has a specific permission via the client's IsGranted method.

SerializablePermissionRequest readRequest = new SerializablePermissionRequest(typeof(Employee), null, null, SecurityOperations.Read);
bool isReadGranted = wcfSecuredClient.IsGranted(readRequest);

SerializablePermissionRequest writeRequest = new SerializablePermissionRequest(typeof(Employee), null, null, SecurityOperations.Write);
bool isWriteGranted = wcfSecuredClient.IsGranted(writeRequest);

Access Data

To access data via the secured Object Access Layer, create a Unit of Work via the constructor that takes an object layer (see UnitOfWork). You can then create an XPCollection in this Unit of Work, or use UnitOfWork methods. Note that an exception is thrown when you access data that is restricted to the current user (the user that was previously specified when the WCF client was created).

MiddleTierSerializableObjectLayerClient securedObjectLayerClient = new MiddleTierSerializableObjectLayerClient(wcfSecuredClient);
SerializableObjectLayerClient objectLayerClient = new SerializableObjectLayerClient(securedObjectLayerClient, dictionary);
UnitOfWork uow = new UnitOfWork(objectLayerClient);
foreach (Task task in new XPCollection<Task>(uow)) {
try {
    var task = uow.FindObject<Task>(new BinaryOperator("Subject", "Check Reports"));
    task.Subject = "Review Reports";
catch(Exception e) {
    Console.WriteLine("Error: " + e.Message);

See Also